P2022-ND-061

The Organization obtains payroll administration services from a third party service provider, Universe Machine Corporation (UMC). The Organization authorized UMC to report the breach on their behalf. On August 12, 2021, UMC was the subject of a ransomware attack. It is believed that the attacker gained access to UMC’s environment via brute force attack against public facing ports. The incident was discovered the following day, August 13, 2021, when one of UMC’s managers attempted to log in to their computer. A ransom demand was also found. In its August 19, 2021 update, UMC confirmed “it believes that personal information of certain Saturn management and employees may also have been collected by the threat actor. It is expected that such personal information is of the types set out in [the Breach Report].” In its August 29, 2021 update, UMC “believes that personal information of certain former UMC and Saturn employees may also have been collected by the threat actor. It is expected that such personal information is of the types set out in [the Breach Report].” In its January 25, 2022 update, UMC confirmed that “the threat actor obtained approximately 1% to 3% of its data” and that the “possibility of data exfiltration cannot be ruled out.” In a recent update, the service provider again advised that “since UMC has such a low bandwidth Internet connection, the threat actor was able to download only a small percentage of UMC’s overall data, in the range of 1 to 3%.” UMC also reported that “the disclosed data has not been released into the public domain.”

File Type: pdf
File Size: 767 KB
Categories: 2022